Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

xen xen 3.3.1 vulnerabilities and exploits

(subscribe to this query)
7.2
CVSSv2

CVE-2009-3525

The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters wi...
Xen Xen 3.0.3Xen Xen 3.3.0Xen Xen 3.3.1
5.5
CVSSv2

CVE-2010-4247

The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen prior to 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large ...
Citrix XenCitrix Xen 3.0.2Citrix Xen 3.0.3Citrix Xen 3.0.4Citrix Xen 3.1.3Citrix Xen 3.1.4Citrix Xen 3.2.0Citrix Xen 3.2.1Citrix Xen 3.2.2Citrix Xen 3.2.3Citrix Xen 3.3.0Citrix Xen 3.3.1
3.3
CVSSv2

CVE-2014-7156

The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x up to and including 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) v...
Xen Xen 3.3.0Xen Xen 3.3.1Xen Xen 3.3.2Xen Xen 4.1.0Xen Xen 4.1.1Xen Xen 4.1.2Xen Xen 4.1.3Xen Xen 4.1.4Xen Xen 4.1.5Xen Xen 4.1.6.1Xen Xen 4.2.0Xen Xen 4.2.1
5.5
CVSSv2

CVE-2011-1166

Xen, possibly prior to 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables.
Xen XenXen Xen 3.0.2Xen Xen 3.0.3Xen Xen 3.0.4Xen Xen 3.1.3Xen Xen 3.1.4Xen Xen 3.2.0Xen Xen 3.2.1Xen Xen 3.2.2Xen Xen 3.2.3Xen Xen 3.3.0Xen Xen 3.3.1
5.2
CVSSv2

CVE-2014-1892

Xen 3.3 up to and including 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a "large memory allocation," a different vulnerability than CVE-2014-1891, CVE-2014-1893, and CVE-2014-1894.
Xen Xen 3.3.0Xen Xen 3.3.1Xen Xen 3.3.2Xen Xen 3.4.0Xen Xen 3.4.1Xen Xen 3.4.2Xen Xen 3.4.3Xen Xen 3.4.4Xen Xen 4.0.0Xen Xen 4.0.1Xen Xen 4.0.2Xen Xen 4.0.3
2.7
CVSSv2

CVE-2010-3699

The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, ...
Citrix Xen 3.0.2Citrix Xen 3.0.3Citrix Xen 3.0.4Citrix Xen 3.1.3Citrix Xen 3.1.4Citrix Xen 3.2.0Citrix Xen 3.2.1Citrix Xen 3.2.2Citrix Xen 3.2.3Citrix Xen 3.3.0Citrix Xen 3.3.1Citrix Xen 3.3.2
5.2
CVSSv2

CVE-2014-1893

Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and previous versions, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a diffe...
Xen XenXen Xen 3.2.0Xen Xen 3.2.1Xen Xen 3.2.2Xen Xen 3.2.3Xen Xen 3.3.0Xen Xen 3.3.1Xen Xen 3.3.2Xen Xen 3.4.0Xen Xen 3.4.1Xen Xen 3.4.2Xen Xen 3.4.3
2.1
CVSSv2

CVE-2013-4361

The fbld instruction emulation in Xen 3.3.x up to and including 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction.
Xen Xen 3.3.0Xen Xen 3.3.1Xen Xen 3.3.2Xen Xen 3.4.0Xen Xen 3.4.1Xen Xen 3.4.2Xen Xen 3.4.3Xen Xen 3.4.4Xen Xen 4.0.0Xen Xen 4.0.1Xen Xen 4.0.2Xen Xen 4.0.3
5.7
CVSSv2

CVE-2013-2212

The vmx_set_uc_mode function in Xen 3.3 up to and including 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range.
Xen Xen 3.3.0Xen Xen 3.3.1Xen Xen 3.3.2Xen Xen 3.4.0Xen Xen 3.4.1Xen Xen 3.4.2Xen Xen 3.4.3Xen Xen 3.4.4Xen Xen 4.0.0Xen Xen 4.0.1Xen Xen 4.0.2Xen Xen 4.0.3
5.2
CVSSv2

CVE-2014-1891

Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and previous versions, when XSM is enabled, allow local users to cause a denial of service ...
Xen XenXen Xen 3.2.0Xen Xen 3.2.1Xen Xen 3.2.2Xen Xen 3.2.3Xen Xen 3.3.0Xen Xen 3.3.1Xen Xen 3.3.2Xen Xen 3.4.0Xen Xen 3.4.1Xen Xen 3.4.2Xen Xen 3.4.3
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
ssl.comCVE-2025-3278CVE-2025-24054brute forcefirewallprivilege escalationCVE-2025-24914qriousladCVE-2025-42599pritunlnamelessmcCVE-2025-3103CVE-2025-43895
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook